<!-- productcrud.php
     created: 12/1/12 by Steve Vo
-->

<?php
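/**
 * Store the product image posted in form field "aFile" and remember its
 * file name in $_SESSION['file'] for the "Add Product" handler.
 *
 * The client-supplied file name is untrusted. Before anything is written
 * into the web-served images directory the name is reduced to its last path
 * component, limited to a conservative character set, and accepted only with
 * an image extension and content that getimagesize() recognises.
 * All names echoed back to the browser are HTML-encoded.
 *
 * The form's MAX_FILE_SIZE field is only a client-side hint; effective size
 * limits come from the server's upload_max_filesize / post_max_size settings.
 *
 * NOTE(review): an upload with the same name replaces the existing file.
 *
 * @return void Prints a status line; no return value.
 */
function myUpload() {
	// No space after the trailing separator: a stray space there would become
	// part of the stored file name and break the "/images/<name>" path that
	// is later recorded for the product.
	$destDir = 'C:\\Program Files (x86)\\Zend\\Apache2\\htdocs\\images\\';
	$allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');

	$upload = (isset($_FILES['aFile']) && is_array($_FILES['aFile'])) ? $_FILES['aFile'] : array();
	$tmpPath = (isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : '';
	$clientName = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : '';

	if ($tmpPath === '' || !is_uploaded_file($tmpPath)) {
		// Encode the name: it comes straight from the request.
		print "<br>Possible file upload attack:".htmlspecialchars($clientName, ENT_QUOTES, 'UTF-8').".";
		return;
	}

	// Keep only the final path component (either separator style), then
	// rebuild the name as "<stem>.<extension>" so it holds exactly one dot.
	$baseName = basename(str_replace('\\', '/', $clientName));
	$extension = strtolower(pathinfo($baseName, PATHINFO_EXTENSION));
	$stem = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($baseName, PATHINFO_FILENAME));

	$isImage = $stem !== null
		&& $stem !== ''
		&& in_array($extension, $allowedExtensions, true)
		&& getimagesize($tmpPath) !== false;
	if (!$isImage) {
		print "<br>Only JPG, PNG or GIF images can be uploaded";
		return;
	}

	$realName = $stem.'.'.$extension;

	// Report success only after the file has actually been stored.
	if (!move_uploaded_file($tmpPath, $destDir.$realName)) {
		print "<br>The file could not be saved";
		return;
	}

	// The page normally has its session open already; start one only if not.
	if (session_status() !== PHP_SESSION_ACTIVE) {
		session_start();
	}
	$_SESSION['file'] = $realName;
	session_write_close();

	print "<br>The file $realName was uploaded successfuly";
}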
?>

<?php
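	// Gate the page on the "login" session, then load the product list that
	// the table further down iterates over via $result.
	// NOTE(review): this file emits markup before this block, so
	// session_start() and header() can only take effect when output
	// buffering is enabled on the server; confirm.
	session_name('login');
	session_start();
	if(!isset($_SESSION['username']) || $_SESSION['username'] == null)
	{
		header("location: /home.php");
		// header() only queues the redirect. Without stopping here the rest
		// of the page, including the upload and product insert/update/delete
		// handlers, would still run for a visitor who is not logged in.
		exit;
	}

	// NOTE(review): the application connects as "root" with an empty
	// password. Prefer a dedicated least-privilege account whose credentials
	// are loaded from configuration kept outside the web root.
	$mysql_con = new mysqli("localhost","root","","tc_apparel");
	if(mysqli_connect_errno()){
		echo("<p>Error creating DB connection</p>");
		exit;
	}
	$sql = "select * from products";
	$result = $mysql_con->query($sql);
	if($result === false){
		echo("<p>Error loading products</p>");
		exit;
	}
	// No row is fetched here: reading one ahead of the listing loop would
	// advance the cursor and the first product would never be displayed.
	$product_cnt = $result->num_rows;
	$mysql_con->close();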
	
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
	<head>
		<script src="javascript/tcaparrel.js" type="text/javascript"></script>
		<link rel="StyleSheet" href="css/tcaparrel.css" type="text/css">
		<link rel="StyleSheet" href="css/header.css" type="text/css">
	</head>

	<body class="productPage">
	
	
	<div class="contentWrapper">
		<div class="header">
		<?php 
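		// Choose the header partial according to login state.
		// The "login" session is normally opened at the top of the page;
		// calling session_name()/session_start() again on an active session
		// only produces warnings, so open it here only when it is not active.
		if(session_status() !== PHP_SESSION_ACTIVE)
		{
			session_name('login');
			session_start();
		}

		if(isset($_SESSION['username']))
		{
			include('loggedInUserHeader.php');
		}
		else
		{
			include ('loginformheader.php');
		}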
		?>
		</div>
		
		
		<div class="menubarContentWrapper">
			<div class="menubar">
				<div class="menuItem" onclick="sweatshirts_click()"><label style="cursor: inherit">SweatShirts</label></div>
				<div class="menuItem" onclick="hats_click()"><label style="cursor: inherit">Hats</label></div>
				<div class="menuItem" onclick="tshirts_click()"><label style="cursor: inherit">T-Shirts</label></div>
				<div class="menuItem" onclick="pants_click()"><label style="cursor: inherit">Pants</label></div>
			</div>
		</div>
		
		<table>
	<tr>
		<td>
		
		<h1>Add Product</h1>
		
	
			<?php
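				// Run the upload handler only when the upload form was submitted
				// (task=uploadfile), the request is a POST, and the session
				// belongs to a logged-in user. The login check is repeated here
				// so the file write never depends solely on the redirect at the
				// top of the page.
				// NOTE(review): no anti-CSRF token is sent by the form or
				// verified here.
				$isUploadTask = isset($_REQUEST['task']) && $_REQUEST['task'] === "uploadfile";
				$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
				$isLoggedIn = isset($_SESSION['username']) && $_SESSION['username'] != null;

				if ($isUploadTask && $isPost && $isLoggedIn) {
					myUpload();     // call the function myUpload()
				}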
			?>
			
			<form enctype="multipart/form-data" method="POST"
			action="productcrud.php?task=uploadfile">
			File Name: 
			<input type="file" name="aFile" size="35"><br>
			<input type="hidden" name="MAX_FILE_SIZE" value="2000000"><br>
			<input type="submit" value="Upload" name="B1">
			Please wait for confirmation
			</form>
	
	<form name="addProductForm" action="productcrud.php" method="post">
		<table>
			<tr>
				<td>
					<label>
						Product Name: 
					</label>
				</td>
				<td>
					<input type="text" name="product_name" maxlength="20" />
				</td>
			</tr>
			<tr>
				<td>
					<label>
						 Description:
					</label>
				</td>
				<td>
					<input type="text" name="description" maxlength="30" />
				</td>
			</tr>
			<tr>
				<td>
					<label>
						Price: 
					</label>
				</td>
				<td>
					<input type="text" name="price" maxlength="20" />
				</td>
			</tr>
			<tr>
				<td>
					<label>
						Quantity: 
					</label>
				</td>
				<td>
					<input type="text" name="quantity" maxlength="20" />
				</td>
			</tr>
			
			<tr>
				<td>
					<label>
						Category*:
					</label>
				</td>
				<td>
					<select id="category" name="category" onchange="dateSelect()">
						<option value="HATS">Hats</option>
						<option value="SWEATSHIRTS">Sweatshirts</option>
						<option value="TSHIRTS">Tshirts</option>
						<option value="PANTS">Pants</option>
					</select>
					
				</td>
			</tr>
			
		  
			<tr>
				<td colspan="2" align="right">
					<input type="submit" name="addProduct"  value="Submit" />
				</td>
			</tr>
	</tr>
		
		</tr>
		</table>
	</form>
	</td>
	<td>
	<h1>Update Product</h1>
	
	<form name="updateProductForm" action="productcrud.php" method="post">
		<table>
			<tr>
				<td>
					<label>
						Product ID*: 
					</label>
				</td>
				<td>
					<input type="text" name="product_id" maxlength="20" />
				</td>
			</tr>
			<tr>
				<td>
					<label>
						Product Name: 
					</label>
				</td>
				<td>
					<input type="text" name="product_name" maxlength="20" />
				</td>
			</tr>
			<tr>
				<td>
					<label>
						 Description:
					</label>
				</td>
				<td>
					<input type="text" name="description" maxlength="30" />
				</td>
			</tr>
			<tr>
				<td>
					<label>
						Price: 
					</label>
				</td>
				<td>
					<input type="text" name="price" maxlength="20" />
				</td>
			</tr>
			<tr>
				<td>
					<label>
						Quantity: 
					</label>
				</td>
				<td>
					<input type="text" name="quantity" maxlength="20" />
				</td>
			</tr>
			
			<tr>
				<td>
					<label>
						Action*:
					</label>
				</td>
				<td>
					<select id="action" name="action" onchange="dateSelect()">
						<option value="UPDATE">Update</option>
						<option value="DELETE">Delete</option>
					</select>
					
				</td>
			</tr>
			
		  
			<tr>
				<td colspan="2" align="right">
					<input type="submit" name="updateProduct"  value="Submit" />
				</td>
			</tr>
		</table>
	</form>
	<tr>
			
				<table class="allUsers">
					<tr>
						<th>Product ID</th>
						<th>Product Name</th>
						<th>Category</th>
						<th>Product Price</th>
						<th>Product Description</th>
						<th>Stock</th>
						
					</tr>
					
				<?php 
				
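					// Emit one table row per product from the result set loaded
					// at the top of the page.
					while($row = $result->fetch_assoc())
					{
						// Product fields are entered through the forms on this
						// page, so every value is HTML-encoded before it is
						// written into the markup. The (string) cast keeps NULL
						// columns from being passed to htmlspecialchars().
						$product_id = htmlspecialchars((string) $row['product_id'], ENT_QUOTES, 'UTF-8');
						$product_name = htmlspecialchars((string) $row['product_name'], ENT_QUOTES, 'UTF-8');
						$price = htmlspecialchars((string) $row['price'], ENT_QUOTES, 'UTF-8');
						$category = htmlspecialchars((string) $row['category'], ENT_QUOTES, 'UTF-8');
						$descpt = htmlspecialchars((string) $row['description'], ENT_QUOTES, 'UTF-8');
						$quantity = htmlspecialchars((string) $row['quantity'], ENT_QUOTES, 'UTF-8');
						
						echo "
					<tr>
						<td class='allUsers'>$product_id </td>
						<td class='allUsers'>$product_name</td>
						<td class='allUsers'>$category </td>
						<td class='allUsers'>$price</td>
						<td class='allUsers'>$descpt</td>
						<td class='allUsers'>$quantity </td>
						
					</tr>
							";
					}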
				?>
				</table>
	</tr>
	</table>
			
		
		<?php
			

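		// Handle the "Add Product" form (submit button "addProduct").
		// The insert runs only for a logged-in session, so it never depends
		// solely on the redirect at the top of the page.
		// NOTE(review): no anti-CSRF token is sent by the form or verified here.
		if(isset($_POST['addProduct']) && isset($_SESSION['username']) && $_SESSION['username'] != null)
		{

			$mysql_con = new mysqli("localhost","root","","tc_apparel");
			if(mysqli_connect_errno()){
				echo("<p>Error creating DB connection</p>");
				exit;
			}

			// Collect the posted fields; a missing or non-string value becomes ''.
			// The form field is named "description" (the previous key
			// "desription" never matched, so the description was always empty).
			$fields = array();
			foreach (array('product_name', 'description', 'price', 'category', 'quantity') as $key) {
				$fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
			}

			// Only the final path component of the remembered upload name is used.
			$uploaded = (isset($_SESSION['file']) && is_string($_SESSION['file'])) ? $_SESSION['file'] : '';
			$image_loc = "/images/".basename(str_replace('\\', '/', $uploaded));

			// Bound parameters keep request data out of the SQL text. All values
			// are bound as strings, matching the quoted literals used before.
			$stmt = $mysql_con->prepare(
				"insert into products(product_name,description,price,category,image_loc,quantity) values(?,?,?,?,?,?)"
			);
			if ($stmt !== false) {
				$stmt->bind_param(
					'ssssss',
					$fields['product_name'],
					$fields['description'],
					$fields['price'],
					$fields['category'],
					$image_loc,
					$fields['quantity']
				);
				$stmt->execute();
				$stmt->close();
			}
			$mysql_con->close();
			
		}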
		
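		// Handle the "Update Product" form (submit button "updateProduct"),
		// which either updates price/quantity or deletes a product by id.
		// The statements run only for a logged-in session, so they never
		// depend solely on the redirect at the top of the page.
		// NOTE(review): no anti-CSRF token is sent by the form or verified here.
		if(isset($_POST['updateProduct']) && isset($_SESSION['username']) && $_SESSION['username'] != null)
		{
			$mysql_con = new mysqli("localhost","root","","tc_apparel");
			if(mysqli_connect_errno()){
				echo("<p>Error creating DB connection</p>");
				exit;
			}

			$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';

			// filter_var() returns false for anything that is not a plain
			// number (including arrays), so compare with === false: 0 is valid.
			$product_id = isset($_POST['product_id']) ? filter_var($_POST['product_id'], FILTER_VALIDATE_INT) : false;

			if($action === "UPDATE")
			{
				$price = isset($_POST['price']) ? filter_var($_POST['price'], FILTER_VALIDATE_FLOAT) : false;
				$quantity = isset($_POST['quantity']) ? filter_var($_POST['quantity'], FILTER_VALIDATE_INT) : false;

				if($product_id === false || $price === false || $quantity === false)
				{
					echo("<p>Invalid product data</p>");
				}
				else
				{
					// Bound parameters keep request data out of the SQL text.
					$stmt = $mysql_con->prepare("update products set price=?,quantity=? where product_id=?");
					if ($stmt !== false) {
						$stmt->bind_param('dii', $price, $quantity, $product_id);
						$stmt->execute();
						$stmt->close();
					}
				}
			}
			elseif($action === "DELETE")
			{
				if($product_id === false)
				{
					echo("<p>Invalid product data</p>");
				}
				else
				{
					$stmt = $mysql_con->prepare("delete from products where product_id=?");
					if ($stmt !== false) {
						$stmt->bind_param('i', $product_id);
						$stmt->execute();
						$stmt->close();
					}
				}
			}

			// Close once, whichever action (if any) was taken.
			$mysql_con->close();
		}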
		?>
		
		<div class="footer"></div>
		</div>
	</body>

</html>